#1
Help removing a Trj/downloader.GK, please
After running a Panda software scan, I've found a Trj/Downloader.GK. If anyone could possibly help me, I'd be greatly appreciative.
Here's the latest HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 1:50:56 PM, on 10/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\MSupdate32.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\winmplayer.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\System32\wuarpc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\schost.exe
C:\Documents and Settings\user\Application Data\ocre.exe
C:\WINDOWS\System32\l?gonui.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Local Settings\Temp\Temporary Directory 1 for hjt[2].zip\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {3CD74275-E918-2CE2-8521-6D5509F97F3F} - C:\WINDOWS\System32\ewxo.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [msconfig service] MSupdate32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [ati control panel] atiphexx.exe
O4 - HKLM\..\Run: [Remote Procedure Call] wuarpc.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [Generic Host Process] schost.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [msconfig service] MSupdate32.exe
O4 - HKLM\..\RunServices: [Msbb.exe] Msbb.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [ati control panel] atiphexx.exe
O4 - HKLM\..\RunServices: [Remote Procedure Call] wuarpc.exe
O4 - HKLM\..\RunServices: [Generic Host Process] schost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Generic Host Process] schost.exe
O4 - HKCU\..\Run: [Pums] C:\Documents and Settings\user\Application Data\ocre.exe
O4 - HKCU\..\Run: [Owptxnn] C:\WINDOWS\System32\l?gonui.exe
O4 - HKCU\..\Run: [Remote Procedure Call] wuarpc.exe
O4 - HKCU\..\RunServices: [Remote Procedure Call] wuarpc.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\user\LOCALS~1\Temp\djtopr1150.exe"
O4 - Startup: Outlook Express.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f63a97fa31be1e1e83776f2f51a98d634331b77d2c7ed9ca536e7b07e4a1007c468ba8a36a6e64fe4389c4d9708d1c47e1 06573840:76041570233c3e8b29c2abfd4ad9ef19
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3003b3d056ee43225d03/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30F6E826-92D9-4B96-A52A-88D6CC243E7F}: NameServer = 206.47.244.43 206.47.244.107
O17 - HKLM\System\CS1\Services\Tcpip\..\{30F6E826-92D9-4B96-A52A-88D6CC243E7F}: NameServer = 206.47.244.43 206.47.244.107
O17 - HKLM\System\CS2\Services\Tcpip\..\{30F6E826-92D9-4B96-A52A-88D6CC243E7F}: NameServer = 206.47.244.43 206.47.244.107
#2
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Program Files\Windows SyncroAd\WinSync.exe are spyware caused by the same app. I believe it can be removed from Add/Remove Progs. djtopr1150.exe is spyware too. Also the WebRebates stuff is bad news too. Try HijackThis first, otherwise try Ad-Aware in safe mode and a full AV scan in safe mode. Run HijackThis again after.
__________________
Time isn't wasted if you're wasted all the time
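The reply ends with "Run HijackThis again after"; the following is an added example, not part of the original thread, showing one way to compare the result lines of two scans to confirm what the cleanup actually removed. The "before" lines are copied from the log in post #1, the "after" log is constructed for illustration, and all function names are this example's own.

```python
import re

# A HijackThis result line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Names the reply in this thread called out (taken from the page).
NAMED_IN_REPLY = ["SyncroAd", "WinSync", "djtopr1150", "Web_Rebates"]

# "Before" lines are copied from the log in post #1.
BEFORE = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\user\LOCALS~1\Temp\djtopr1150.exe"
"""

# "After" is constructed for this example: a rescan where one entry survived.
AFTER = r"""
Logfile of HijackThis v1.97.7
Running processes:
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
"""

def parse_entries(log_text):
    """Return the set of (section, details) result lines; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def compare_scans(before, after):
    """Diff two scans: what the cleanup removed, what survived, what newly appeared."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "survived": sorted(b & a), "new": sorted(a - b)}

def still_present(after, names):
    """Names (case-insensitive) that still occur in any result line of the rescan."""
    details = [d.lower() for _, d in parse_entries(after)]
    return [n for n in names if any(n.lower() in d for d in details)]

if __name__ == "__main__":
    print(compare_scans(BEFORE, AFTER)["removed"])
    print("still present:", still_present(AFTER, NAMED_IN_REPLY))
```

An entry under "new" in the rescan deserves the same attention as one that survived, since it was not there before the cleanup.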